4.10.2.3 Using VBScript

4.10.3 Discussion

To create an object in Active Directory, you have to specify the
objectClass, relative distinguished name (RDN)
value, and any other mandatory attributes that are not automatically
set by Active Directory. Some of the automatically generated
attributes include objectGUID,
instanceType, and
objectCategory.

In the jsmith example, the objectclass was
user, the RDN value was jsmith,
and the only other mandatory attribute that had to be set was
sAMAccountName. Admittedly, this user object is
unusable in its current state because it will be disabled by default
and no password was set, but it should give you an idea of how to
create an object.

4.10.3.1 Using a graphical user interface

Other tools, such as AD Users and Computers, could be used to do the
same thing, but ADSI Edit is useful as a generic object editor.

One attribute that you will not be able to set via ADSI Edit is the
password (unicodePwd attribute). It is stored in
binary form and cannot be edited directly. If you want to set the
password for a user through a GUI, you can do it with the AD Users
and Computers snap-in.

4.10.3.2 Using a command-line interface

For more on ldifde, see Recipe 4.25.

With dsadd, you can set numerous attributes when
creating an object. The downside is that as of the publication of
this book, you can create only these object types: computer, contact,
group, ou, quota, and user.

4.10.3.3 Using VBScript

The first step to create an object is to call
GetObject on the parent container. Then call the
Create method on that object and specify the
objectClass and RDN for the new object. The
sAMAccountName attribute is then set by using the
Put method. Finally, SetInfo
commits the change. If SetInfo is not called, the
creation will not get committed to the domain controller.